The oslo_privsep.capabilities Module

class oslo_privsep.capabilities.Capabilities

Bases: enum.IntEnum

An enumeration of Linux capability numbers; see capabilities(7).

CAP_AUDIT_CONTROL = 30
CAP_AUDIT_READ = 37
CAP_AUDIT_WRITE = 29
CAP_BLOCK_SUSPEND = 36
CAP_CHOWN = 0
CAP_DAC_OVERRIDE = 1
CAP_FOWNER = 3
CAP_FSETID = 4
CAP_IPC_LOCK = 14
CAP_IPC_OWNER = 15
CAP_KILL = 5
CAP_LEASE = 28
CAP_LINUX_IMMUTABLE = 9
CAP_MAC_ADMIN = 33
CAP_MAC_OVERRIDE = 32
CAP_MKNOD = 27
CAP_NET_ADMIN = 12
CAP_NET_BIND_SERVICE = 10
CAP_NET_BROADCAST = 11
CAP_NET_RAW = 13
CAP_SETFCAP = 31
CAP_SETGID = 6
CAP_SETPCAP = 8
CAP_SETUID = 7
CAP_SYSLOG = 34
CAP_SYS_ADMIN = 21
CAP_SYS_BOOT = 22
CAP_SYS_CHROOT = 18
CAP_SYS_MODULE = 16
CAP_SYS_NICE = 23
CAP_SYS_PACCT = 20
CAP_SYS_PTRACE = 19
CAP_SYS_RAWIO = 17
CAP_SYS_RESOURCE = 24
CAP_SYS_TIME = 25
CAP_SYS_TTY_CONFIG = 26
CAP_WAKE_ALARM = 35

oslo_privsep.capabilities.drop_all_caps_except(effective, permitted, inheritable)

Set the (effective, permitted, inheritable) capability sets to the provided lists of caps

oslo_privsep.capabilities.get_caps()

Return (effective, permitted, inheritable) as lists of caps

oslo_privsep.capabilities.set_keepcaps(enable)

Set or unset the thread’s “keep capabilities” flag; see prctl(2)
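A least-privilege check built on the enumeration above, as an added example that is not part of oslo.privsep: it decodes the CapEff/CapPrm/CapInh masks from /proc/<pid>/status text into members, in the same (effective, permitted, inheritable) order get_caps() uses, and reports anything held beyond an allow-list. The function names decode_mask, caps_from_status and excess_caps are hypothetical, the sample status text is constructed, and the enum is rebuilt locally from the values listed on this page so the block runs without the library.

```python
import enum

# Member values copied from the Capabilities enumeration listed on this page.
Capabilities = enum.IntEnum("Capabilities", {
    "CAP_CHOWN": 0, "CAP_DAC_OVERRIDE": 1, "CAP_FOWNER": 3, "CAP_FSETID": 4,
    "CAP_KILL": 5, "CAP_SETGID": 6, "CAP_SETUID": 7, "CAP_SETPCAP": 8,
    "CAP_LINUX_IMMUTABLE": 9, "CAP_NET_BIND_SERVICE": 10,
    "CAP_NET_BROADCAST": 11, "CAP_NET_ADMIN": 12, "CAP_NET_RAW": 13,
    "CAP_IPC_LOCK": 14, "CAP_IPC_OWNER": 15, "CAP_SYS_MODULE": 16,
    "CAP_SYS_RAWIO": 17, "CAP_SYS_CHROOT": 18, "CAP_SYS_PTRACE": 19,
    "CAP_SYS_PACCT": 20, "CAP_SYS_ADMIN": 21, "CAP_SYS_BOOT": 22,
    "CAP_SYS_NICE": 23, "CAP_SYS_RESOURCE": 24, "CAP_SYS_TIME": 25,
    "CAP_SYS_TTY_CONFIG": 26, "CAP_MKNOD": 27, "CAP_LEASE": 28,
    "CAP_AUDIT_WRITE": 29, "CAP_AUDIT_CONTROL": 30, "CAP_SETFCAP": 31,
    "CAP_MAC_OVERRIDE": 32, "CAP_MAC_ADMIN": 33, "CAP_SYSLOG": 34,
    "CAP_WAKE_ALARM": 35, "CAP_BLOCK_SUSPEND": 36, "CAP_AUDIT_READ": 37,
})

def decode_mask(mask):
    """Split a capability bitmask into (known members, unknown bit numbers)."""
    known, unknown = [], []
    for bit in range(mask.bit_length()):
        if mask >> bit & 1:
            try:
                known.append(Capabilities(bit))
            except ValueError:  # bit has no member in the enumeration above
                unknown.append(bit)
    return known, unknown

def caps_from_status(status_text):
    """Return (effective, permitted, inheritable) masks from status text."""
    fields = dict(l.split(":", 1) for l in status_text.splitlines() if ":" in l)
    return tuple(int(fields[k].strip(), 16) for k in ("CapEff", "CapPrm", "CapInh"))

def excess_caps(status_text, allowed):
    """Per set, names held beyond `allowed`; unknown bits always count as excess."""
    report = {}
    sets = ("effective", "permitted", "inheritable")
    for name, mask in zip(sets, caps_from_status(status_text)):
        known, unknown = decode_mask(mask)
        report[name] = ([c.name for c in known if c not in allowed]
                        + ["bit %d" % b for b in unknown])
    return report

# Constructed sample in /proc/<pid>/status format (not captured from a real host).
SAMPLE_STATUS = ("Name:\tprivsep-helper\nCapInh:\t0000000000000000\n"
                 "CapPrm:\t0000004000003001\nCapEff:\t0000000000003000\n")
```

Bits with no member in the enumeration are reported by number instead of being dropped, so a capability the list does not name still shows up as excess.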

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.